Two-Factor Authentication (2FA / TOTP)

Your TrekMail account controls all your domains, mailboxes, and billing. If someone gains access to it — through a leaked password, a phishing attempt, or credential stuffing — they could delete your mailboxes, redirect your email, or lock you out entirely.

Two-factor authentication (2FA) prevents this by requiring a second proof of identity when you log in. Even if an attacker knows your password, they cannot get in without also having access to your phone.

How 2FA works in TrekMail

TrekMail uses TOTP — Time-based One-Time Passwords. A free authenticator app on your phone generates a new 6-digit code every 30 seconds. When you log in, TrekMail asks for this code after your password. The code is only valid for 30 seconds, so even if it were intercepted, it cannot be reused.

Setting up 2FA

You will need an authenticator app. Any TOTP-compatible app works. Popular choices:

• Google Authenticator (iOS / Android) — free, simple, offline
• Authy (iOS / Android / Desktop) — free, includes cloud backup
• 1Password — paid, integrates with your password manager
• Microsoft Authenticator (iOS / Android) — free

Install your chosen app before starting the steps below.

To enable 2FA:

1. Log in to the TrekMail dashboard
2. Click your avatar (top-right) → Settings → Security
3. Click Enable Two-Factor Authentication
4. Open your authenticator app and scan the QR code shown on screen
5. Your app displays a 6-digit code — enter it in the confirmation field
6. Click Verify

Save your recovery codes now. TrekMail shows you a set of one-time recovery codes immediately after setup. These codes let you log in if you ever lose access to your authenticator app. Store them somewhere safe — a password manager, printed paper in a locked drawer, or a secure note. If you lose your phone and do not have recovery codes, regaining access requires contacting support to verify your identity.

Logging in with 2FA enabled

After entering your email and password, you see a second screen asking for a code:

1. Open your authenticator app
2. Find the TrekMail entry — it shows the current 6-digit code and a countdown timer
3. Enter the code before it expires
4. Click Verify

You are then logged in normally. Sessions stay active until you log out or they expire from inactivity. You will not be asked for a code again during the same session.

Disabling 2FA

If you need to remove 2FA — for example, to switch to a new authenticator app:

1. Go to Settings → Security
2. Click Disable Two-Factor Authentication
3. Enter the current 6-digit code from your authenticator app to confirm
4. 2FA is removed immediately

After disabling, log in with just your password until you re-enable it.

Managing recovery codes

Recovery codes are single-use. Each time you use one to log in, it is consumed and cannot be used again. If you have used several codes and are running low, generate a fresh set:

1. Go to Settings → Security → Two-Factor Authentication
2. Click View recovery codes or Regenerate codes
3. Save the new codes and discard the old ones (any unused old codes become invalid when you regenerate)

Troubleshooting

Code is always rejected even though it looks correct The most common cause is that your phone's clock is slightly out of sync. TOTP codes are time-based and expire every 30 seconds — if your device's time is even a minute off, codes will consistently fail.

• On iPhone: Settings → General → Date & Time → Set Automatically (enable)
• On Android: Settings → System → Date & Time → Use network-provided time (enable)

Lost your phone or deleted the authenticator app Use one of your recovery codes on the login screen. Click Use a recovery code where you would normally enter the 6-digit code, then enter one of your saved recovery codes. Once logged in, disable 2FA and re-enable it with a new device.

You do not have recovery codes and cannot log in Contact TrekMail support. We will need to verify your identity through your account email or billing information before we can help restore access.